1. Unvalidated Parameters Most importantly, turn off register_globals. This configuration setting defaults to off in PHP 4.2.0 and later. Access values from URLs, forms, and cookies through the superglobal arrays $_GET, $_POST, and $_COOKIE. Before you use values from the superglobal arrays, validate them to make sure they don’t contain unexpected input. If you know